Better Budgets for 2012: Four Ways to Save on Security Essentials

What can you realistically do this year to better protect your company?

Now Is The Time

Making IT security a business priority is urgent in 2012 for these reasons:

Employees will increase their use of wireless hotspots and cloud applications -- and handheld devices (a practice known as "bring your own device," or BYOD).

Cybercrooks already steal $1 billion a year from small and medium-sized businesses (SMBs) in the United States and Europe; businesses without effective security have become a prime target.

The most damaging security threats today target a business's finances and customer records, and often take down its IP network. Incurring a security breach is now much more costly than preventing one.

If cash flow and IT staffing at your business are limited, it's essential to get the most protection from the resources that you do have. Following are ways you can lead the campaign.

1. Enlist an Army: Educate Your Employees

This strategy is inexpensive and potent: Simply align the people power you already have.

Human behavior is always the wildcard in security, and now BYOD puts that card in every hand. A top security essential is having and enforcing an acceptable use policy (AUP) that spells out how your company's network and other IT resources can be used.

The AUP is a legal document. It must be signed by anyone who needs to use the resources; the signatures help protect against the excuse, "I didn't know."

To simplify and speed the development of your AUP, you can request assistance from a local Cisco® Certified Partner with an Advanced or Master Security Specialization. Some may also help you put your policy into effect -- for example, by training employees.

Then enforce the policy, leading by example and rewarding employees who exemplify desired security behavior. Don't forget to update the policy on an ongoing basis. And retrain employees as needed, at least annually.

2. Improve Your Techies' Security Skills

A second way to control costs is to tap existing in-house IT resources: Help one or more of your IT staff develop security expertise.

Training your techies in the hot field of IT security can get them excited about their jobs and reduce turnover -- and improve your business's information security.

Some are a capital expense (CapEx), some an operating expense; often they combine CapEx with cloud subscription services. Their pricing ranges from a few hundred dollars to a few thousand dollars and up. But beware the costs that technical complexity adds.

For businesses with fewer than 100 employees, Cisco simplifies security by combining firewall, VPN, and IPS technologies into a single appliance. These unified threat management (UTM) solutions support wireless access security (WPA and WPA2), can apply cloud-based content security, and are priced at under a thousand dollars.

4. Outsource: Draw on Experts' Services

Professional IT security services can dramatically reduce complexity and costs.
Many services are delivered and managed remotely; subscription pricing may be offered on a per-device, per-user, or per-use basis. The Cisco Certified Partners with an Advanced or Master Security Specialization offer a wide range of services, such as:

Evaluation of vulnerabilities

Remote security monitoring and management, as well as log management

Acceptable use policy (AUP) development and employee training

Services for Payment Card Industry (PCI) and other compliance requirements

The Partners that are Cisco IronPort® certified also have specialized content security expertise. And Partners that are managed security service providers (MSSPs) offer the most comprehensive services.

Now you can lead a campaign to improve your company's IT security -- without busting the budget.